Fintech is, and has been, an emerging market globally for some time now. Accenture reported that global fintech investments climbed 28% in the first half of 2019 compared to 2018. Nowhere has this growth been starker than in Asia, where over $14.4B of investments were recorded since 2016, as reported by UOB in the State of Fintech in ASEAN report.
The immense opportunities that come with this growth also carry an equal amount of threats in the form of hackers. It was revealed at the Money20/20 event that more than 19,000 Singapore bank cards were up for sale on the dark web in 2018, amounting to an estimated underground value of S$640,000.
Unsurprisingly, among the most prominent regulatory bodies in Asia, including the Reserve Bank of India and the Financial Services Agency (Japan), the Monetary Authority of Singapore (MAS) is regarded as one of the most stringent and progressive with regard to emerging fintechs.
As a young fintech desiring to succeed in this enormous market in Asia, what are the top 3 challenges organisations need to overcome?
Fintech regulations are not yet laid out clearly in black and white – there is a lot of grey space in the financial industry, with constantly evolving requirements and rules. Regulators are working to develop rules that will govern the fintech space, but a business that wants to grow beyond one country will notice that the regulations may differ drastically. Best practices and guiding principles are universal, but nuances and interpretations differ. There is thus a need to adapt to globally recognised standards including PCI-DSS, CIS, or NIST, as well as local regulatory mandates, for example, the MAS-TRM and MAS Cyber Hygiene in Singapore.
As an emerging fintech, compliance with the relevant security regulations needs to be addressed early on to avoid costly mistakes later. The best way to do this is to either have a team in-house or to engage a team of experts who can help the business with governance, risk regulations, policy planning, advice, and automated compliance tools to monitor operations and infrastructure.
The consumerisation of finance means we are seeing more fintech applications that can access users’ profiles and data to realise various real-time transactions. As these web, mobile or IoT apps proliferate, they have also become one of the main attack vectors and primary entry points into larger infrastructures and networks.
Given the latest cloud and container technology, integration of business-critical processes, and data sharing with numerous third parties, incomplete visibility and complexity remain a big challenge.
Businesses need specialists who can create data flow maps, secure the network, and implement sensitive data storage solutions. What’s also important is thinking about implementing the rights to access certain data, as well as rights to be forgotten, in order to ensure tighter user control of data. Even with scaled growth at CardUp, this remains a top priority of our team, especially as a fintech company in the payments space.
From increasingly sneaky malware to highly-targeted phishing attacks, there are simply too many ways for threat actors to gain access to the systems.
It just takes one team member on the wrong end of a phishing campaign to trigger a sensitive data exposure event. Threats come from all angles, not just from unauthorised malicious actors; there are even some unexpected ones, such as insider threats. According to Verizon’s report, 57% of database breaches involved insider threats within an organization. Including the possibility of accidental sensitive data sharing and malware/ransomware attacks, covering all the bases becomes a costly and complex endeavour.
At CardUp, we take this prevention a step further by inculcating a culture in which security is everybody’s responsibility. We constantly remind everyone in the company to stay vigilant and to consciously apply security principles in their day-to-day work.
This blog post first appeared as a guest post on the Horangi Blog.